Lucene search
K
OracleApi Gateway

12 matches found

CVE
CVE
added 2020/12/08 3:30 p.m.1190 views

CVE-2020-1971

CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

5.9CVSS5.7AI score0.06968EPSS
CVE
CVE
added 2019/02/27 11:0 p.m.925 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2018/11/15 9:0 p.m.671 views

CVE-2018-5407

CVE-2018-5407 is a PortSmash timing-side channel vulnerability in SMT/Hyper-Threading affecting OpenSSL. Local attackers could exploit a timing leakage during cryptographic operations to gain information. Documented in multiple advisories (e.g., ALAS/ALAS2 for OpenSSL) with remediation stating to...

4.7CVSS5.6AI score0.03418EPSS
CVE
CVE
added 2017/04/17 9:0 p.m.596 views

CVE-2017-5645

CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...

9.8CVSS9.5AI score0.8904EPSS
CVE
CVE
added 2018/10/29 1:0 p.m.568 views

CVE-2018-0735

CVE-2018-0735 corresponds to a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit variations in signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...

5.9CVSS5.7AI score0.04763EPSS
CVE
CVE
added 2018/10/30 12:0 p.m.536 views

CVE-2018-0734

CVE-2018-0734 (OpenSSL) describes a timing side-channel in the DSA signature algorithm that could enable private key recovery. The initial entry notes fixes in OpenSSL releases 1.1.1a (and 1.1.0j, 1.0.2q) for affected branches. Connected advisories (CloudLinux, Arch Linux, Amazon/Linux distributi...

5.9CVSS5.9AI score0.12154EPSS
CVE
CVE
added 2020/10/01 7:24 p.m.315 views

CVE-2020-11979

CVE-2020-11979 affects Apache Ant 1.10.8. The mitigation for CVE-2020-1945 changed temp-file permissions, but the fixcrlf task deleted the temp file and recreated it without protection, enabling an attacker to inject modified source files during builds. Connected advisories confirm the issue and ...

7.5CVSS6.9AI score0.08235EPSS
CVE
CVE
added 2020/11/12 12:0 a.m.294 views

CVE-2019-17566

CVE-2019-17566 (Apache Batik) is a server-side request forgery caused by improper input validation in xlink:href attributes, potentially allowing an attacker to trigger arbitrary GET requests from the vulnerable server. Connected advisories reference Batik-related SSRF issues across IBM JRS, SUSE...

7.5CVSS8.2AI score0.1074EPSS
CVE
CVE
added 2018/07/09 8:0 p.m.283 views

CVE-2018-1000613

CVE-2018-1000613 concerns Legion of the Bouncy Castle Java Cryptography APIs (BC) 1.58–1.59 up to, but not including, 1.60. It is a CWE-470 Unsafe Reflection vulnerability in XMSS/XMSS^MT private key deserialization, which can allow a remote attacker to execute arbitrary code by crafting a privat...

9.8CVSS8.6AI score0.04767EPSS
CVE
CVE
added 2015/12/06 12:0 a.m.227 views

CVE-2015-3195

CVE-2015-3195 affects OpenSSL’s ASN.1/TASN_DEC implementation mishandling errors from malformed X509_ATTRIBUTE data, enabling remote attackers to read memory of a CMS/PKCS#7 process. Public records show impact across multiple OpenSSL lines prior to updates: 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 bef...

5.3CVSS6.3AI score0.38709EPSS
CVE
CVE
added 2018/06/05 1:0 p.m.213 views

CVE-2018-1000180

CVE-2018-1000180 affects Bouncy Castle BC 1.54–1.59 (and BC-FJA 1.0.0/1.0.1) with a flaw in the Low-level RSA key pair generator interface that may produce RSA key pairs with fewer Miller–Rabin primality tests than expected. IBM vulnerability bulletins associate this CVE with IBM products (e.g., ...

7.5CVSS7.1AI score0.03592EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.55 views

CVE-2017-3601

CVE-2017-3601 affects Oracle Fusion Middleware's Oracle API Gateway (subcomponent Oracle API Gateway), specifically version 11.1.2.4.0. The vulnerability is exploitable over a network via HTTP and can be triggered by an unauthenticated attacker, with user interaction required for exploitation. Su...

8.8CVSS7.8AI score0.02333EPSS